Metric | Value |
---|---|
CVSS2 score | 5 (Medium) |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
CVSS2 vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
EPSS score | 0.008 (Low) |
EPSS percentile | 80.1% |

The gzip package contains the GNU gzip data compression program.

A bug was found in the way zgrep processes file names. If a user can be
tricked into running zgrep on a file with a carefully crafted file name,
arbitrary commands could be executed as the user running zgrep. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0758 to this issue.

A bug was found in the way gunzip modifies permissions of files being
decompressed. A local attacker with write permissions in the directory in
which a victim is decompressing a file could remove the file being written
and replace it with a hard link to a different file owned by the victim.
gunzip then gives the linked file the permissions of the uncompressed file.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0988 to this issue.

A directory traversal bug was found in the way gunzip processes the -N
flag. If a victim decompresses a file with the -N flag, gunzip fails to
sanitize the path, which could result in a file owned by the victim being
overwritten. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-1228 to this issue.

Users of gzip should upgrade to this updated package, which contains
backported patches to correct these issues.

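
For the -N issue (CAN-2005-1228) described above, the name that gunzip -N restores comes from the optional FNAME field of the gzip header (RFC 1952). The following is an added example, not code from the advisory or from the gzip project: it reads that field and rejects any stored name that is not a plain file name. The function names and the sample headers are constructed for illustration.

```python
import struct

FEXTRA, FNAME = 0x04, 0x08  # FLG bits from RFC 1952


def stored_name(data):
    """Return the original file name held in a gzip header, or None."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip stream")
    flags = data[3]
    pos = 10  # fixed part: magic(2), CM, FLG, MTIME(4), XFL, OS
    if flags & FEXTRA:  # optional extra field precedes the name
        if pos + 2 > len(data):
            raise ValueError("truncated FEXTRA field")
        (xlen,) = struct.unpack_from("<H", data, pos)
        pos += 2 + xlen
    if not flags & FNAME:
        return None
    end = data.find(b"\x00", pos)  # name is zero-terminated
    if end == -1:
        raise ValueError("unterminated FNAME field")
    return data[pos:end].decode("latin-1")  # RFC 1952: ISO 8859-1


def name_is_safe(name):
    """True if restoring this name stays inside the current directory."""
    if name is None:  # no stored name: -N has nothing to restore
        return True
    return name not in ("", ".", "..") and "/" not in name


def make_header(name=None, extra=b""):
    """Constructed sample: a bare gzip header with no compressed data."""
    flags = (FEXTRA if extra else 0) | (FNAME if name is not None else 0)
    hdr = b"\x1f\x8b\x08" + bytes([flags]) + b"\x00" * 4 + b"\x00\x03"
    if extra:
        hdr += struct.pack("<H", len(extra)) + extra
    if name is not None:
        hdr += name.encode("latin-1") + b"\x00"
    return hdr


if __name__ == "__main__":
    samples = [make_header("report.txt"), make_header("../outside.txt"),
               make_header("/abs/path.txt", extra=b"AB\x02\x00xy"),
               make_header()]
    for sample in samples:
        n = stored_name(sample)
        print(repr(n), "ok" if name_is_safe(n) else "REJECT")
```
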
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | any | ia64 | gzip | < 1.3-18.rhel2 | gzip-1.3-18.rhel2.ia64.rpm |
RedHat | any | s390x | gzip | < 1.3.3-15.rhel4 | gzip-1.3.3-15.rhel4.s390x.rpm |
RedHat | any | i386 | gzip | < 1.3.3-12.rhel3 | gzip-1.3.3-12.rhel3.i386.rpm |
RedHat | any | i386 | gzip | < 1.3.3-15.rhel4 | gzip-1.3.3-15.rhel4.i386.rpm |
RedHat | any | ia64 | gzip | < 1.3.3-15.rhel4 | gzip-1.3.3-15.rhel4.ia64.rpm |
RedHat | any | s390 | gzip | < 1.3.3-15.rhel4 | gzip-1.3.3-15.rhel4.s390.rpm |
RedHat | any | ppc | gzip | < 1.3.3-12.rhel3 | gzip-1.3.3-12.rhel3.ppc.rpm |
RedHat | any | x86_64 | gzip | < 1.3.3-15.rhel4 | gzip-1.3.3-15.rhel4.x86_64.rpm |
RedHat | any | i386 | gzip | < 1.3-18.rhel2 | gzip-1.3-18.rhel2.i386.rpm |
RedHat | any | x86_64 | gzip | < 1.3.3-12.rhel3 | gzip-1.3.3-12.rhel3.x86_64.rpm |